fix XSS vulnerability
freegenie committed Feb 8, 2018
1 parent a729f20 commit 39c9952
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion class-bjgk-genesis-enews-extended.php
Expand Up @@ -98,7 +98,7 @@ function widget( $args, $instance ) {
}

// Establishes current URL for MailPoet action fields.
$current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$current_url = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . esc_attr( $_SERVER['REQUEST_URI'] );

echo $before_widget . '<div class="enews">';
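
Review bot: On the changed `$current_url` line, only `$_SERVER['REQUEST_URI']` is wrapped in `esc_attr()`, while `$_SERVER['HTTP_HOST']`, which also comes from the client's request, is concatenated unescaped into the same value. Escaping at assignment also leaves it unclear which output context the variable is safe for. Since the comment says the value feeds the MailPoet action fields, I would keep the assignment raw and escape the complete value where it is written into the action field, for example `echo esc_url( $current_url );`. That covers both the host and the path and keeps the escaping next to the output, where it can be checked in review.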


1 comment on commit 39c9952

@kraftbj

I would suggest esc_attr_e later when this value is actually outputted. I'm patching this in the original plugin.
